When you use Windows Internet Explorer 9 to browse to a webpage in which some HTML elements contain many attributes, Internet Explorer 9 may display the attribute content as part of the webpage.
- This behavior could lead to cross-site scripting (XSS) vulnerabilities if the content of the attributes comes from an untrusted source.
- This issue does not occur in Internet Explorer 8.
To resolve this problem, install the update that is described in this article.
Security update informationTo resolve this issue, install the most recent cumulative security update for Internet Explorer. To do this, visit the following Microsoft website:Note This update was first included in security update 2618444. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2618444 MS11-099: Cumulative Security Update for Internet Explorer: December 13, 2011
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Article ID: 2643119 - Last Review: Dec 15, 2011 - Revision: 1
Windows Internet Explorer 9